Embed Size (px)
Citation preview
Data protection and European citizens’
initiativesChristian D’Cunha
Legal officer, European Data Protection Supervisor
Brussels, 15 April 2014
Trust (1)
Trust (2)
Trust in protecting personal data
Eurobarometer 359 (2010)
About the EDPS
Established in 2004• appointed by a joint decision of the EP and
the Council for a 5 year mandate• Peter Hustinx, Giovanni Buttarelli
Three main tasks• Supervision & enforcement• Policy consultation• Cooperation
Data protection: the basics What is personal data?
Any information relating to an identified or identifiable natural person (the ‘data subject’)
What is an identifiable person?
Someone who ‘can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity’
Examples of personal data• CVs, diplomas, recommendation letters, criminal records, medical certificates, photos
• Students databases with all your administrative and evaluation related data held by your university
• Medical data and health related data
• Genetic data
• Customer data held by your telephone company, telephone calls and voicemails
• Information held by your email account provider
• Transport data, body scanners in airports
• Video-surveillance cameras
European law: Two fundamental rights
1 - The right to privacy
ECHR (1950), Article 8:
Everyone has the right to respect for his or her private and family life, home and correspondence
EU Charter of Fundamental Rights (2000), Article 7 :
…and communications.
European law: Two fundamental rights
2 - The right to data protection EU Charter of Fundamental Rights, Article 8:
1. Everyone has the right to the protection of personal data concerning him or her.
. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate
basis laid down by law.
Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority
A landmark judgment
Judgment in Joined Cases C-293/12 and C-594/12
Digital Rights Ireland and Seitlinger and Others
8 April 2014
The legal framework Council of Europe Convention 108 (1981) – cornerstone, but
concept very limited - “appropriate sanctions and remedies” and “effective protection”
Article 16 TFEU and Article 7 and 8 of Charter for Fundamental Rights
Directive 95/46/EC ‘Data Protection Directive’
Regulation 45/2001 establishes the EDPS
Directive 2002/58/EC ‘e-Privacy’ specific rules applicable to electronic communications services
Framework Decision 2008/977/EC police and judicial cooperation
Under negotiation since Jan 2012: General Data Protection Regulation and ‘Police Directive’
ECIs and data protection
• Procedures and collection of statements of support (Article 5, Regulation 211/2011)
• Online collection systems (Art. 6)
• Verification and certification (Art. 8)
• Data protection (Art. 12)
